7 links tagged with all of: supply-chain + cybersecurity
Links
Major vulnerabilities known as Frostbyte10 have been discovered in Copeland controllers used in thousands of refrigeration systems at grocery chains, potentially allowing attackers to manipulate temperatures and disrupt supply chains. Armis identified ten critical flaws, prompting Copeland to issue firmware updates and CISA to urge immediate patching of affected systems. While no exploitation has been confirmed in the wild, the pervasive use of these controllers makes them a prime target for malicious actors.
Zscaler has experienced a supply chain attack that compromised customer information through vulnerabilities in the Salesloft and Drift platforms. The breach underscores the risks associated with third-party services and the importance of securing supply chains in cybersecurity.
Over 6,700 private repositories were made public due to a malicious supply chain attack involving Nx. The attackers used a post-install script to exfiltrate sensitive data, including API keys and tokens, by creating public repositories to store the stolen information. Security firm Wiz reported that more than 20,000 files were compromised, affecting numerous users.
The article discusses the S1ngularity supply chain attack, highlighting its implications for cybersecurity and the importance of securing supply chains against such threats. It examines the tactics used by attackers and offers insights into how organizations can better protect themselves from similar vulnerabilities in the future.
An npm package called 'rand-user-agent' was compromised in a supply chain attack, leading to the injection of a remote access trojan (RAT) in unauthorized versions. Despite being deprecated, the package had a significant number of downloads, and users are advised to revert to the last legitimate version and conduct full system scans if they installed the malicious updates. The attack was traced back to an outdated automation token that allowed the unauthorized releases.
Over 500 NPM packages were compromised by a self-replicating worm called Shai-Hulud, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert for developers to secure their credentials and review dependencies. GitHub is implementing stricter authentication and security measures to prevent future attacks.
A supply-chain attack named GlassWorm is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces, leading to an estimated 35,800 installations of self-spreading malware. Utilizing invisible characters to hide its code, GlassWorm steals credentials and cryptocurrency wallet information, while employing the Solana blockchain for command-and-control, making it challenging to dismantle. Researchers have identified multiple infected extensions and warn of the malware's sophisticated nature, marking it as a significant threat to developer environments.